WHAT IS CLAIMED IS: 

1 1 . A method for preventing overrun of an input data buffer within a program having the 

2 input data buffer on a stack data structure, the program executing on a computing system, the 

3 method comprising: 

4 pushing all arguments to a function onto the stack data structure; 

5 pushing a return address onto the stack data structure for use in obtaining the memory 

6 address for the instruction to be executed upon completion of the function; 

7 pushing onto the stack data structure a security token, the security token comprises a 
p 8 randomly generated data value; 

yj 9 allocating memory locations on the stack data structure for use as local variables 

2f 10 within the function; 

: ; ; 

k=i 1 1 completing the instructions within the function; 

p 12 retrieving the security token value from the stack data structure; and 

13 if the retrieved security token value is identical to the randomly generated data value, 

2 14 return from the function using the return address stored on the stack data structure. 

1 2. The method according to claim 1 , wherein the method further comprises aborting the 

2 operation of the program if the retrieved security token value is not identical to the randomly 

3 generated data value. 

1 3. The method according to claim 1, wherein the randomly generated data value is 

2 determined using a random number generator once each time the program is executed. 
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1 4. The method according to claim 3, wherein the random number generator generates the 

2 randomly generated data value using a snapshot of a system clock within the computing 

3 system obtained before the program first accepts input data. 

1 5. The method according to claim 1, wherein the function comprises a subroutine that 

2 does not return a data value. 

1 6. The method according to claim 1 , wherein the function comprises a subroutine that 

2 does returns one or more data values. 

1 7. An apparatus for preventing overrun of an input data buffer within a program having 

2 the input data buffer on a stack data structure, the program, the apparatus comprising: 

3 a function call module placing arguments to a function and a return address onto the 

4 stack data structure; 

5 a push security token module placing onto the stack data structure a security token, 

6 the security token comprises a randomly generated data value; 

7 a perform function module performing the operations within the function, the perform 

8 function module allocates memory locations on the stack data structure for use as the input 

9 data buffer; 

10 a pop security token module retrieving the security token from the stack data structure 

1 1 upon completion of the operation of the perform function module. 

12 a test module comparing the retrieved security token with the randomly generated 

13 data value; and 

14 a complete function module completing the operation of the function; 
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wherein the complete function module returns from the function if the retrieved 
security token is determined to be identical to the randomly generated data value by the test 
module. 

8. The apparatus according to claim 7, wherein the complete function module aborts the 
operation of the program if the retrieved security token is determined not to be identical to 
the randomly generated data value by the test module. 

9. The apparatus according to claim 8, wherein the randomly generated data value is 
determined using a random number generator module once each time the program is 
executed. 

10. The apparatus according to claim 9, wherein the random number generator module 
generates the randomly generated data value using a snapshot of a system clock within the 
computing system obtained before the program first accepts input data. 

11. The apparatus according to claim 9, wherein the function comprises a subroutine that 
does not return a data value. 

12. The apparatus according to claim 9, wherein the function comprises a subroutine that 
does returns one or more data values. 

13. A computer program product readable by a computing system and encoding a set of 
computer instructions for preventing overrun of an input data buffer within a program having 
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the input data buffer on a stack data structure, the program executing on a computing system, 
the method comprising: 

pushing a return address onto the stack data structure for use in obtaining the memory 
address for the instruction to be executed upon completion of the function; 

pushing onto the stack data structure a security token, the security token comprises a 
randomly generated data value; 

completing the instructions within the function; 

retrieving the security token value from the stack data structure; 

if the retrieved security token value is identical to the randomly generated data value, 
return from the function using the return address stored on the stack data structure. 

14. The computer program product according to claim 13, wherein the method further 
comprises aborting the operation of the program if the retrieved security token value is not 
identical to the randomly generated data value. 

15. The computer program product according to claim 13, wherein the randomly 
generated data value is determined using a random number generator once each time the 
program is executed. 

16. The computer program product according to claim 15, wherein the random number 
generator generates the randomly generated data value using a snapshot of a system clock 
within the computing system obtained before the program first accepts input data. 

17. The method according to claim 13, wherein the function comprises a subroutine that 
does not return a data value. 
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1 18. The method according to claim 13, wherein the function comprises a subroutine that 

2 does returns one or more data values. 

1 19. A computer program product, according to claim 13, wherein the computer data 

2 product comprises a set of computer instructions encoded and stored onto a computer- 

3 readable storage medium. 

1 20. A computer program product, according to claim 13, wherein the computer data 

2 product comprises a set of computer instructions encoded within a carrier wave for 

3 transmission between computing systems. 
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